My presentation will focus on Social Engineering attacks and the steps needed to create a Cyber Threat Attribution program and the various areas of consideration.
This will include identification of data sources, collection and storage of key artifacts into a data base, analyzing the data to identify clusters of related data points and finally tying this all together to create Threat Actor Attribution profiles.
The talking points of my presentation will be:
- Where to start
- Understanding your Cyber Threat Landscape
- Capturing and classifying your attacks
- Internal Data Sources
- Weblogs
- User submissions
- SPAM Filters
- External Data Sources
- Open Source Intelligence Feeds
- NGOs
- Vendors
- Collecting Artifacts
- E-mail messages
- URLs
- File Attachments
- Binaries
- Conducting Analysis
- Meta-data
- Unique Identifiers
- Network Artifacts
- Hours of Operation
- Methods of Operation
- Attack Patterns
- Clustering data
- Patterns
- Related Data Points
- Key Points of Interest
- Attribution
- Behaviors
- Habits
- Investigative tools
- Identification